Static vulnerability scanners check known CVEs against fixed databases. ChainGuard uses AI to detect anomalous patterns, hidden risks, and emerging threats in your software supply chain — before they have a CVE number.
Early Warning vs Public Advisory
Dependency Visibility
Supply Chain Monitoring
Blind Spots in Transitive Deps
Capabilities
ChainGuard goes deeper than CVE databases. It understands the behavioral patterns of supply chain risk — abandoned maintainers, suspicious dependency changes, and anomalous update patterns.
Go beyond inventory. ChainGuard analyzes your SBOM for hidden transitive risks, version conflicts, abandoned maintainers, and anomalous dependency patterns that static scanners miss.
Not every CVE is critical in your context. ChainGuard correlates vulnerabilities with your actual usage patterns, deployment topology, and exposure surface to score real risk, not theoretical severity.
AI monitors your dependency graph for suspicious changes — unexpected new dependencies, unusual version jumps, maintainer transfers, and patterns associated with supply chain attacks.
Continuous monitoring of your software vendors: maintenance activity, security posture signals, community health indicators, and early warning signs of abandoned or compromised projects.
Automated license detection, conflict identification, and policy enforcement. Know exactly what licenses exist in your dependency tree and where they conflict with your policies.
When any organization on the OneBastion network detects a supply chain anomaly, the signal is anonymized and shared — giving you early warning before public advisories.
Contextual Risk Scoring
A critical CVE in a library you import but never call is different from a medium CVE in a function that handles authentication. ChainGuard scores risk based on your actual usage, not just CVSS severity.
The result: your team focuses on what actually matters, not what a generic scanner says matters. Alert fatigue drops. Real risks get attention.
Directly invoked in authentication path. Exploitable in your deployment.
Transitive dependency. Affected function not reachable from your code.
Used in production logging. Potential for log injection in error paths.
1 of 3 CVEs requires immediate action. ChainGuard re-scored based on your deployment topology and code reachability analysis.
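As an added illustration of the reachability-based re-scoring described above (example code, not ChainGuard's own): the weights, thresholds, field names and the three placeholder findings are assumptions chosen to mirror the three cards, not real CVE data.

```python
"""Contextual re-scoring of CVE findings by code reachability (illustrative).

Added example, not ChainGuard's code: the scoring rules, thresholds and
the constructed findings below are assumptions for illustration only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    package: str
    cvss: float           # vendor severity, 0.0-10.0
    direct: bool          # directly declared vs. transitive dependency
    reachable: bool       # affected function reachable per call-graph analysis
    sensitive_path: bool  # reachable via authentication or other sensitive path


def contextual_score(f: Finding) -> float:
    """Re-weight CVSS by how the vulnerable code is actually used."""
    if not f.reachable:
        # Unreachable code cannot be triggered; keep a low residual for tracking.
        return round(min(f.cvss, 2.0), 1)
    score = f.cvss
    if f.sensitive_path:
        score = min(10.0, score + 2.0)  # exposure in an auth path raises urgency
    if not f.direct:
        score -= 0.5                    # transitive: one more hop from our code
    return round(max(score, 0.0), 1)


def priority(score: float) -> str:
    """Map a contextual score to an action bucket (assumed thresholds)."""
    if score >= 8.0:
        return "immediate"
    if score >= 5.0:
        return "scheduled"
    return "monitor"


# Constructed sample findings mirroring the three cards above (not real CVEs).
FINDINGS = [
    Finding("auth-lib (placeholder)", 6.5, True, True, True),            # medium, auth path
    Finding("transitive-util (placeholder)", 9.8, False, False, False),  # critical, unreachable
    Finding("log-fmt (placeholder)", 5.3, True, True, False),            # logging, reachable
]


def triage(findings):
    """Return {package: (contextual score, priority)} for a set of findings."""
    return {f.package: (contextual_score(f), priority(contextual_score(f))) for f in findings}


def immediate_count(findings):
    return sum(1 for f in findings if priority(contextual_score(f)) == "immediate")
```

Running `triage(FINDINGS)` shows the medium CVE in the authentication path promoted to "immediate" and the critical-but-unreachable transitive CVE demoted to "monitor", so exactly one of the three demands immediate action.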
Network Early Warning
When any organization on the OneBastion network detects an anomalous supply chain signal — a suspicious dependency update, a maintainer change, an unexpected behavioral shift — the anonymized signal is shared with the entire network. You get early warning hours or days before a public CVE is issued.
Anomaly Detected
Organization A detects unusual behavior in a popular npm package.
Signal Shared
Anonymized anomaly signal distributed to all network participants.
Your Alert
ChainGuard alerts you: this package is in your dependency tree. Recommended action: pin version.
Public Advisory
CVE published. You're already patched. Others are just finding out.
Upload your first SBOM and see risks that traditional scanners miss — in minutes.